Selected Filter(s):

All Reports

Advisory Note

KuppingerCole’s Advisory Notes are short reports that present information about a specific topic, company, or product. Advisory Notes are published on a regular basis and are aimed at the management of a company. An Advisory Note gives usage recommendations and helps decision makers solve specific problems.

Executive View

KuppingerCole’s Executive View is a short report with four to five pages written by one of KC’s Analysts about a specific client product. In an Executive View an analyst describes the product in a concise manner and shows its strengths and challenges to give end users a short expert reference.

Leadership Brief

KuppingerCole’s Leadership Brief provides condensed research and advice for executives and decision makers in organizations. These two-page documents cover business challenges and advise on how to address them, focusing on the key issues and allowing decision makers to quickly identify the right solutions.

Leadership Compass

KuppingerCole’s Leadership Compass is a tool that provides an overview of a particular IT market segment and identifies the leader in that segment. It is the compass that assists decision makers in identifying the right vendors and products for their projects.

Product Report

KuppingerCole’s Product Report is a report written by one of KC’s analysts about a special client product. In a Product Report an analyst describes the company and its product in a detailed way and looks closely at different aspects of the product to give end users an extensive expert reference.

Survey

KuppingerCole’s Surveys present the results of a predetermined set of questions that are given to a special target group. Surveys are published on a regular basis or due to assignment through a partner.

Vendor Report

KuppingerCole’s Vendor Report is a report written by one of KC’s Analysts about a specific company. In a vendor report an analyst describes the company and its whole product range in detailto give end users an extensive expert reference about the company as a vendor.

Whitepaper

KuppingerCole’s Whitepaper is a report written by one of KC’s analysts that informs readers about a specific, usually complex issue. A whitepaper is meant to help readers understand an issue, solve a problem, or make a decision.

2017

How do you ensure secure and compliant access to cloud services without losing the agility and cost benefits that these services provide? This report gives you an overview of the market for Cloud Access Security Brokers and a compass to help you to find the product that you need.

eperi provides an encryption gateway for data stored in the cloud, based on a unique flexible approach based on templates that specify which data should be encrypted and how. Combined with built-in indexing capabilities, the product enables fully transparent and infinitely extensible end-to-end cloud data encryption with out-of-the-box support for popular SaaS applications.

SailPoint SecurityIQ counts amongst the leading Data Access Governance solutions, providing tight integration into SailPoint IdentityIQ and thus delivering full Data Access Governance capabilities. Amongst the outstanding features are the real-time and behavioral analytics features and the broad support for unstructured data stores such as file servers, NAS devices, and SaaS data stores.

Ransomware is a global cybersecurity threat. This KuppingerCole Buyer’s Guide will provide you with questions to ask vendors, criteria to select your vendor, and requirements for successful deployments. This document will prepare your organization to conduct RFIs and RFPs for ransomware protection.

Ransomware is a top security threat and continuously on the rise. Financial organizations, healthcare institutions, and manufacturing industries are the most vulnerable groups; however, individual users as well have been victims of ransomware. The purpose of this Advisory Note is to analyze the concept of ransomware, elaborate on its global reach and provide concrete advice on what to do…

Thycotic Secret Server is a mature enterprise - class offering for Privilege Management, supporting the key areas of the market such as Shared Account and Privileged Password Management, Session Monitoring, Account Discovery, and others. The solution convinces with its approach for rapid deployment and an overall strong feature set.

Auth0 has a flexible identity platform that can be used for both Consumer Identity and Access Management (CIAM), Business - to - Employee (B2E), and Business - to - Business (B2B) scenarios. Auth0’s Customer Identity Management solution is focused on developers an d as such is highly customizable to meet a variety of business requirements.

The Content Threat Removal Platform by Deep Secure provides comprehensive on - the - fly analysis of incoming data, extracting only the useful business information while eliminating malicious content and then reconstructing new clean data for delivery. In this way, it defeats zero - day attacks and prevents data loss, all transparent to end users.

Microsoft Azure Stack is an integrated hardware and software platform for delivering Infrastructure-as-a-Service (IaaS) and Platform-as-a-Service (PaaS) services of Microsoft Azure public cloud on premises, providing a truly consistent hybrid cloud platform for a wide variety of business use cases.

ForgeRock Identity Platform delivers a common set of capabilities, as well as good integration for the various ForgeRock components. It provides a common layer for identity and access management services that customers require when building new consumer - facing business applications and services, including consumer and industrial IoT support, on their way to the…

Signicat offers cloud-based services for secure access to applications, identity proofing, electronic signing, and long-time archiving of signed and sealed documents. Recently, their portfolio has been expanded to include a mobile authentication product to help customers meet PSD2 requirements.

Leaders in innovation, product features, and market reach for Identity as a Service offerings targeting full Identity and Access Management and Governance capabilities for employees in hybrid environments, but also delivering Single Sign-On to the Cloud and providing support for other groups of users. Your compass for finding the right path in the market.

Nexis Controle 3.0 implements intelligent role and identity analytics while laying the foundation for strategic role lifecycle management as either a stand-alone solution or as a companion component to existing Identity and Access Management infrastructures. The integration of corporate business expertise through targeted workflow and interaction approaches means a leap forward towards…

Leaders in innovation, product features, and market reach for Identity as a Service offerings targeting Single Sign-On to the Cloud for all types of users, with primary focus on cloud services but some support for on-premise web applications. Your compass for finding the right path in the market.

The „Digital Transformation“ is changing business models, business processes, and the services provided to customers. With the Digital Transformation leading to a tight integration between business and the underlying IT infrastructure, that IT infrastructure must change as well for supporting the new business requirements on agility, innovativeness, and security. Identity…

Organizations are under pressure to change in the current age of Digital Transformation. Business models are changing and a common element of new business models is the changing relationship to customers and consumers. While managing consumer identities is increasing in relevance, most information still is held in on-premise systems. The combination of new regulations, such as the…

GDPR and PSD2 will pose enormous technical challenges. Learn more about the challenges and opportunities and how CIAM solutions can help organizations comply with these new regulations.
This Leadership Brief shows the slides which correspond with the keynote KuppingerCole Lead Analyst John Tolbert held on June 20, 2017 during the Cloud Identity Summit in Chicago.

PingDirectory provides a flexible and scalable base for IAM and customer IAM. With advanced functions for encryption, load-balancing, and virtual directory, PingDirectory can meet and exceed security requirements and SLAs.

Leaders in innovation, product features, and market reach for Privilege Management. How do you control access to your critical systems and business information while allowing secure and optimised day to day business operations? This report provides an overview of the market for Privilege Management and provides you with a compass to help you to find the Privilege Management product that…

This report provides an overview of the market for Consumer Identity and Access Management and provides you with a compass to help you to find the Consumer Identity and Access Management product that best meets your needs. We examine the market segment, vendor product and service functionality, relative market share, and innovative approaches to providing CIAM solutions.

The Internet of Things (IoT) is a computing concept that describes a future where everyday physical objects are connected to the Internet and communicate with other devices and human users. Adding notions of digital identity has been problematic to date, but identity management solutions are on the horizon that will improve usability and security for IoT.

From May 2018, when the upcoming EU GDPR (General Data Protection Regulation) comes into force, the requirements for managing personal data will change. This report identifies six key actions that IT needs to take to prepare for compliance.

Salesforce has been a pioneer in Software as a Service (SaaS) from the early days. Digital identity has been an integral part of the Salesforce platform. Salesforce Identity is an enterprise class CIAM and IDaas solution.

Nok Nok Labs S3 Authentication Suite is a unified strong authentication platform that incorporates FIDO Alliance specifications and other industry standards, as well as proprietary innovations. The S3 Authentication Suite provides a full stack of client- and server-side technologies for incorporating interoperable and future-proof risk-based biometric authentication into mobile and web…

CyberArk is a pioneer in Privileged Account Security, and is widely recognized as the leader in this sector. Building upon a strong base product, CyberArk has enhanced its offering to include the capabilities that organizations need to secure and manage pr ivileged accounts and their credentials associated with users, applications, and other system assets across an…

Mastering authorization is critical for modern organizations with multiple user constituencies, applications, and data types. Groups are necessary but not sufficient in complex environments. Roles are handy for adding manageability and assurance to coarse - or medium - grained authorization but break down in the face o f dynamic environments or complex access policies. A…

EmpowerID provides a complete solution for IAM, CIAM, and Adaptive Authentication. With a highly customizable workflow and authorization engine, EmpowerID delivers advanced functionality for enterprise and government customers.

Managing mobile device access to corporate applications and databases is a major requirement for all organizations. Mobile security, including a secure development environment for mobile apps and standardized authentication and authorization services are essential components of mobile strategies.

Strong authentication via smartphones is available today in many countries. GSMA’s Mobile Connect specification can improve security and help banks and third party providers comply with the EU’s Revised Payment Service Directiv e (PSD2).

Getting sufficient and sufficiently skilled people for your Cyber Defense Center (or your IT Security department) is tough. The answer to the skill gaps consists of three elements: Education. Services. Tools.

Hitachi ID offers an all - in - one IAM package to address enterprise business requirements. With an emphasis on process automation and self - service, the Hitachi ID IAM Suite helps businesses reduce their expenditures on identity - related administration and governance.

As a long-term contractor to the Dept. of Defense in the United States, Jericho Systems have a history of developing technology that protects computing assets from unauthorized access. Their development activity has attracted a number of awards and the company has been granted patents over their intellectual property. Of late the company has developed a more diversified client base,…

The firewall is dead – long live the firewall.... In today’s modern business the traditional firewall model, sitting at the corporate perimeter, has little value, and more often than not hinders business agility. In building a modern, resilient and defendable network the firewall may have a part to play, by using it in a role where it is actually able to be effective.

Identity Management, Endpoint Security , Mobile Device Management and Access Management are typically considered to be isolated discipline s . This can make administration and governance in these areas complex. Having a holistic approach for the administration and supervision of all types of users, end user software and …

PingOne provides c loud - based Single Sign - On (SSO) and Identity - as - a - Service (IDaaS) for employees, business partners, and consumers . PingOne is a key component of PingIdentity’s Consumer Identity and Access Management SaaS offering, supporting social logins, self - registration, and SSO to all popular SaaS apps.

Database security is a broad section of information security that concerns itself with protecting databases against compromises of their integrity, confidentiality and availability. It covers various security controls for the information itself stored and processed in database systems, underlying computing and network infrastructures, as well as applications accessing the data.

The Finance Industry is facing a profound change with the introduction of PSD2, an update to the 2007 EU Directive on Payment Services. The directive, which comes into force on January 13, 2018, continues Europe´s goal to modernize, unify and open its financial landscape. In early 2017 KuppingerCole performed a survey amongst the industries affected by PSD2, such as banks and…

Many new biometric technologies and products have emerged in the last few years. Mobile biometric solutions offer multi-factor and strong authentication possibilities, as well as transactional authorization. Mobile biometrics will become an important architectural component in the financial services industry under the Revised Payment Services Directive (PSD2). However, there are several…

The Future of Banking: Innovation & Disruption in light of the revised European Payment Services Directive (PSD2) In early 2017 KuppingerCole performed a survey amongst the industries affected by PSD2. The primary focus of the survey was on Strong Customer Authentication, API Strategy and KYC & Customer Identity Management, in the context of the changing requirements imposed by…

Organizations are adopting a hybrid model for the delivery of IT services a consistent approach is needed to govern and secure data on-premise, in the cloud and when shared with external parties. NextLabs Data Centric Security Suite provides a proven tool that can protect data and ensure compliance in this hybrid environment.

The Revised Payment Service Directive (PSD2) mandates that banks provide APIs for Account Information Service Providers (AISPs), Payment Initiation Service Providers (PISPs) and any Third Party Providers (TPPs) to use.

Many new biometric technologies and products have emerged in the last few years. Biometrics have improved considerably, and are now increasingly integrated into smartphones. Mobile biometric solutions offer not only multifactor and strong authentication possibilities, but also transactional authorization. However, there are a number of challenges with biometric…

PingFederate sets the standard for identity federation standards support. PingFederate can enable Single Sign-On (SSO) between business units, enterprises, and all popular SaaS applications. PingFederate works both on-premise or in the cloud, and is easy for administrators to install and maintain.

Many organizations are using cloud services but the use of these services is often poorly governed. Cloud Access Security Brokers (CASBs) provide functionality to discover the use of the cloud, to control which cloud services can be accessed and to protect the data held in these services. CensorNet Unified Security Service provide a valuable tool that organizations can use to improve…

Privileged Accounts are the high-risk accounts – and they are the target of attackers, both internals and externals. SOCs must implement modern Privilege Management as part of their overall toolset, for identifying and countering attacks. Session Monitoring and Privileged User Behavior Analytics are cornerstones of a modern SOC.

AWS Lambda is an event-driven serverless computing platform that completely abstracts the underlying cloud infrastructure to let developers focus on the core business functionality of their applications, providing transparent scalability and redundancy across multiple datacenters in the Amazon Cloud.

A comprehensive approach to data protection – one that combines all aspects of computing infrastructure– rather than the point products that comprise many organization’s cybersecurity environment, is a decided plus, provided the overall goal is achieved.

RSA Identity Governance and Lifecycle is a complete solution for managing digital identities, both inside and outside the enterprise. The RSA solution covers all aspects of governance from attestations to policy exceptions and identity lifecycle, from provisioning to entitlement assignment to access reconciliation to removal.

RightsWATCH automatically classifies and protects any file format in accordance with corporate policy based on content, context or metadata-aware policy rules, extending the Microsoft Right Management facility to ensure that sensitive and confidential information is identified and classified appropriately.

Industrial Computer Systems (ICS) are increasingly coming under attack as hackers are realizing the economic and reputational benefit of a successful operations technology system compromise. Organizations seeking to exploit their plant automation systems to drive business processes are deploying communications paths to their ICSs and raising the risk profile of their organizations.

Achieving risk governance and resilience, while ensuring protection from Cyber risks by creating a standards-based process framework focusing on a risk based approach and implemented using a complementary software platform.

2016

Role-based access control (RBAC) has become an important part of Access Management and Access Governance. However, defining, implementing and maintaining an enterprise role model remains a substantial task and many projects fail. This document describes best practice approaches towards the right data model, efficient processes and an adequate organization for implementing role management…

Many organizations are using cloud services but the use of these services is often poorly governed. Cloud Access Security Brokers (CASBs) provide functionality to discover the use of the cloud, to control which cloud services can be accessed and to protect the data held in these services. CipherCloud Trust Platform provides a valuable tool that organizations can use to improve governance…

Many organizations are using cloud services but the use of these services is often poorly governed. Cloud Access Security Brokers (CASBs) provide functionality to discover the use of the cloud, to control which cloud services can be accessed and to protect the data held in these services. Skyhigh Cloud Security Platform provides a valuable tool that organizations can use to improve…

Well-designed, state-of-the-art compliance programs help in maintaining an adequate IT architecture and its underlying processes. Forward-thinking organisations understand compliance as a strategic and future-oriented business objective, and embed IT Compliance and security into their organizational process framework and transform compliance expenses into strategic budgets.

The data held in office productivity suites like Office 365 spans the whole operation of an organization from the board to the shop floor. This makes it imperative that it is protected against risks of leakage and unauthorized disclosure. Vaultive cloud data security provides an important solution for organizations seeking an approach for encrypting and otherwise protecting…

Data classification is a requirement of every security framework. More importantly it should be key part of any organization’s control framework, by clearly informing the person (or system) handing the information, whether an employee of the company or an external entity, how that information should be handled.
Only by providing clear, unambiguous guidance can information be…

As cyber-attacks are becoming increasingly advanced and persistent, and the traditional notion of a security perimeter has all but ceased to exist, organizations have to rethink their cybersecurity strategies. The new Real-Time Security Intelligence solutions are combining Big Data and advanced analytics to correlate security events across multiple data sources, providing early detection…

The Financial Services Industry (FSI) is undergoing unprecedented evolutionary and revolutionary change. FSIs need to transform their business models to respond to today’s challenges and to position the business with the flexibility required to adapt to opportunities as the business landscape evolves.
This report examines the issues and challenges FSIs face with market…

Blockchain seems to be one of the most important basic technologies of emerging business models and countless entrepreneurial initiatives using it have been started in the recent past.
This report provides insights and a closer look at how blockchain technology is most probably improving the current state of Information Stewardship. It highlights the most relevant value proposition,…

Securonix Platform provides advanced security analytics technology for collecting, analyzing and visualizing a wide range of business and security information, converting it into actionable intelligence and serving as a basis for a broad portfolio of specialized security solutions.

Threat intelligence is a vital part of cyber-defence and cyber-incident response. To enable and automate the sharing threat intelligence, OASIS recently made available the specifications for STIX™, TAXII™ and CybOX™ as international open standards. This report provides an overview of these specifications and their application to Real Time Security Intelligence.

Many enterprises have decided on a “cloud first” strategy, or have seen heavy cloud adoption evolve spontaneously as their business units embrace cloud for cost savings, agility or other competitive imperatives. Security teams face challenges controlling, influencing or enabling cloud adoption. This document provides guidance on how IT security leadership should deal with the…

Sophos offers a range of security solutions as software, appliances and cloud services. These products exploit threat intelligence that is gathered by Sophos Labs, shared in real time between Sophos Next-Gen Firewall and Sophos Next-Gen Endpoint Protection, and integrated through Sophos Security Heartbeat. These products include the recently released Sophos Intercept X.

VMware Identity Manager bridges the gap between IT Service delivery and access to applications. Available as both an on-premise and a cloud solution, VMware Identity Manager delivers instant SSO to a broad variety of applications and provides contextual experience to VMware WorkspaceOne.

Distributed and decentralised ledger technology with Smart Contracts and the Internet of Things (IoT) can enhance BPM (Business Process Management) and BPO (Business Process Optimisation) processes significantly.
This report examines the role that blockchain-based technologies and IoT can play in streamlining and managing BPM/BPO.

Ergon Informatik, a Swiss software vendor, delivers an integrated solution for Web Access Management, Identity Federation and Web Application Firewall capabilities that shows both breadth and depth in features. Furthermore, it comes with a good set of baseline identity lifecycle management functions, especially for external users.

How do you ensure secure and compliant access to cloud services without losing the agility and cost benefits that these services provide? This report gives you an overview of the market for Cloud Access Security Brokers and a compass to help you to find the product that you need.

The core features of blockchains - decentralization and algorithmic consensus – can enable the creation of Life Management Platforms (LMPs) with better security and availability, as well as promote wider public adoption by providing independently-verifiable proof of personal data integrity. Even though there remain some requirements of LMPs that are not solvable with blockchains,…

Azure’s Blockchain-as-a-Service (BaaS) operates both as Infrastructure-as-a-Service and a Platform-as-a-Service. With its large number of strategic partnerships and template library of preconfigured Virtual Machines, developer templates and artefacts, Microsoft Azure’s BaaS offering can significantly lower technical complexity barriers to the adoption of blockchain-powered…

With the new Garancy Recertification Center, Beta Systems is closing a previous gap in its portfolio in the Access Governance segment. The portal solution for recertification enables companies to run review campaigns of the users’ access rights in a business-friendly and intuitive browser interface – optimized for usage on desktops, tablets and also on mobile devices.

Managing provisioning into an identity repository is a basic organizational process that varies remarkably between organizations. Some companies have a highly functional process that minimizes manual input and maximizes efficiency. Others have very manual processes that are costly and open to abuse. Deep Identity has developed an easy-to-use solution that adopts a role-based provisioning…

Sophos UTM is a suite of integrated security applications that provides the same layered protection for applications and data hosted in the AWS cloud as for on premise deployments. This report provides a review of the functionality provided by this set of products and an assessment of its strengths and challenges.

A blockchain is a data structure, originally used by bitcoin, that maintains a growing list of transaction records in a way that is extremely resistant to tampering. This technology is seen by many as the basis for creating distributed ledgers for a wide range of applications. This report considers the risks associated with the use of this technology and recommends an approach to managing…

Blockchains have the ability offer many solutions regarding the security concerns currently limiting the growth of the Internet of Things (IoT). Blockchains, combined with other decentralised, peer-to-peer technologies can improve IoT security by enabling authenticity and integrity assurance of connected things, scalable management of connected devices, and secure information transmission.

From trusted third parties to algorithmic consensus: new cybersecurity opportunities and challenges with blockchains. Blockchains can provide distributed and decentralised improvements to the merely distributed critical systems the internet depends on today, but we cannot yet completely replace trusted third parties and human judgement with algorithms.

SailPoint IdentityIQ is one of the leading products in the emerging market for Identity and Access Governance. The governance-based approach centralizes visibility and compliance, and minimizes risk by applying controls across all IAM services geared towards business users. They expand their libary of connectors and extend their integration of Mobile Device Management tools and cloud…

IBM’s Security Privileged Identity Manager is an across-the-board Privilege Management solution which protects, automates and audits the use of privileged identities and recourses across the extended enterprise, including cloud environments. It stands out from competitors for its fine-grained database privilege management capabilities and well-designed administrator endpoint monitoring.

A perennial problem for programmers is the need to authenticate users. In some cases, there is no infrastructure to support access control and in many cases there is no single identity repository of user data to be used as an authentication source. In a federated environment there are multiple identity providers to accommodate and problems are compounded when members of the public are…

ForgeRock OpenIDM is a standards- and platform-centric product which combines proven reliability with ForgeRock’s commitment to innovation. Given the growing importance of customer-centric identity management, OpenIDM’s focus on performance, flexibility and the management of not only people, but devices and things makes this product worthy of serious consideration for…

Directory Services, Identity Federation, and Access Management from the Cloud in a single integrated solution. Extend your Active Directory infrastructure to the Cloud and manage business partners, customers, and Cloud service access in a combined service.

EmpowerID Office 365 Manager is an Identity and Access Management solution for Office 365 providing single sign-on, user provisioning and administration, and access governance functions in a single integrated package.

A solution for managing secure access to corporate resources and protected assets. Strong authentication, a broad spectrum of access management methods, sustainable maintenance processes of identities and authorization data form the basis for secure and auditable user access to applications.

Contextual Security Intelligence is a new IT security concept, which states that additional levels of security controls restricting business performance should be avoided and replaced with more efficient monitoring tools. Balabit’s CSI Platform combines Log Management, Privileged Activity Monitoring, and User Behavior Analytics into an integrated real-time security intelligence…

One Identity Manager is well-designed, well-integrated and complete Identity Management solutions, which continues to demonstrate leadership in the IAM/IAG market. Version 7.0.1 builds on the major release (v7), and adds a significant number of new features along with performance improvements thanks to its new modular architecture.

PingAccess is a web and API Access Management offering from Ping Identity. PingAccess is tightly integrated with PingFederate and provides a superior alternative to traditional Web Access Management products with its ability to provide policy- and context-driven access control to traditional on-premise web applications and cloud applications, as well as to REST-based APIs.

Omada Identity Suite is a strong offering which is well-respected for its advanced Access Governance features. New functionality and strategic partnerships position the solution as a comprehensive Identity and Access Management product, with flexible cloud and on-premise deployment options.

Identity and Access Management (IAM) have been with us long enough to develop a strong history, but also a strong mythos, that is, a set of beliefs or assumptions which might or might not be correct – or which may have once been correct but are no longer.

PointSharp Mobile Gateway is an enterprise mobility solution that provides strong authentication and easy, yet secure, mobile access to Microsoft Exchange and Skype for Business, both on-premise and in the cloud.

CyberArk’s latest major release of Privileged Threat Analytics is a capable and focused solution for the mitigation of threats caused by the abuse or misuse of privileged system accounts and entitlements. With the addition of several key features, Privileged Threat Analytics now provides real-time network threat detection and automated response capabilities.

Atos DirX Identity encompasses a rich feature set for all areas of Identity Management and Governance. Its comprehensive business and process-driven approach includes very strong modelling capabilities of the organisational structure and user relationships thus providing the foundation for a business, rather than a technology-centric approach to identity management.

BeyondTrust’s PowerBroker product family provides a well-integrated solution with a broad range of capabilities for the mitigation of threats caused by the abuse or misuse of privileged system accounts and entitlements, on endpoints as well as server systems. With dedicated products for major system architectures, PowerBroker provides deep support for privilege management on…

A feature-rich customer identity management platform providing strong analytics and tools for business-oriented decision-making processes while enabling compliance with legal and regulatory requirements and an adequately high level of security.

In these days of ever-increasing cyber-attacks, organizations have to move beyond preventative actions towards detection and response. This no longer applies to the network and operating system level only, but involves business systems such as SAP. Identifying, analyzing, and responding to threats is a must for protecting the core business systems.

Balabit Shell Control Box is a standalone appliance for controlling, monitoring and auditing privileged access to remote servers and network devices. Shell Control Box provides a transparent and quickly deployable PxM solution without the need to modify existing infrastructure or change business processes.

The Balabit syslog-ng product family provides technologies that allow collecting, processing, and analyzing log events from a variety of different sources, going well beyond the standard syslog component. The products are relevant both as a complement to and a replacement for standard SIEM solutions.

For organizations trying to provide an attractive user experience while protecting corporate information, the continuing rise in popularity of mobile devices, connecting from both inside and outside the corporate network, is a trend that can be frustrating. For organizations with intellectual property and sensitive information that must be shared between staff and business partners, a…

Developing secure and robust applications and deploying them continuously and cost effectively? All organizations, digital or those undergoing a digital transformation, are facing these challenges though the answers are not straightforward. This document describes agile approaches to system development and delivery. It discusses why and how organisations should embed strong principles for…

Cayosoft Administrator is an integrated solution for simplifying and automating management of Active Directory and Office 365 environments, including hybrid deployments. It replaces multiple native and legacy tools with a unified modern administrative console and a self-service web portal.

LSE LinOTP is a standards-based, open source solution that provides token and SMS-based Multi-Factor Authentication by integrating with existing authentication challenge schemes. LinOTP provides strong authentication to hosted web and mobile applications, as well as non-web based protected resources.

YubiKey is a hardware authentication device that provides two-factor authentication using either one-time passwords or public key infrastructures. Combining strong cryptography with ease of use and supporting a wide range of authentication methods and protocols, YubiKeys are widely deployed by both enterprises and consumer-oriented online services.

Lieberman Software Enterprise Random Password Manager is a solution for privileged credentials management and discovery. This product provides a strong and scalable solution which easily integrates with critical systems widely used in the enterprise to mitigate the risks associated with privileged credential management.

Mapping existing policies to system-specific checks and initiating mitigating measures in case of deviations are major challenges for organizations relying on the use of IT systems. Enforcive CPC as an IT-GRC solution provides template-based compliance checks, alerting mechanisms and adjustment of misconfiguration, to maintain compliance in heterogeneous IT landscapes.

Secure lifecycle management of company documents is the goal. Organizations need to be able to manage document permissions and protect them from inappropriate access even when accessed and modified externally. The Intralinks VIA product provides a powerful solution that balances the user experience with document security.

The Financial industry is estimated to spend over US$1bn on Blockchain projects over the next two years. This report provides an overview of impact Blockchain is having within the Financial Sector, the benefits that can be achieved, the challenges and the changes to expect from this emerging technology.

Intermedia AppID® Enterprise is a cloud based identity management platform for web applications. This provides a solution to many of the security and compliance needs of the agile connected business. As well as adding value to the cloud and hosting services provided by Intermedia it is also of interest to organizations that use web applications from other providers.

Today’s software solutions rely on the re-use of existing software. This ranges from the inclusion of source code provided by various sources to Application Programming Interfaces (APIs), to third party libraries and standardized remote services. Securing internet-facing or enterprise systems built in this heterogeneous manner is an important challenge that needs to be approached…

Information Rights Management (IRM) is the discipline within Information Security and IAM (Identity and Access Management) that allows protecting information right at the source - the single file. IRM is a technology used to protect and facilitate the editing, distribution and access of sensitive or confidential information in a business-to-business model. Is it ready for prime time?

One area of information technology that is typically ignored by IT departments and consultants is industrial control systems. This is unfortunate because these “operational technology” systems have much to benefit from interconnection with IT networks.

Nexis contROLE provides effective and convenient role lifecycle management combined with role analytics as either a stand-alone solution or as an add-on to existing Identity and Access Management infrastructures.

2015

How do you control access to your critical systems and business information while allowing secure and optimised to day business operations? This report provides an overview of the market for Privilege Management and provides you with a compass to help you to find the Privilege Management product that best meets your needs.

Comprehensive Rights Management solution including information classification, based on a well thought-out policy management model supporting XACML as a standard, with outstanding support for PLM environments and engineeering data.

WSO2 App Manager is an Open Source solution for unified management of enterprise applications providing identity and access management, as well as complete lifecycle governance for mobile and web apps.

Secure Islands IQProtector is a solution providing classification, encryption, usage rights management and enforcement, monitoring and analytics for information at the business, created by a wide variety of sources, both on-premise and in the cloud.

Amazon Web Services (AWS) offers a broad set of over 40 services: compute, storage, database, analytics, application, and deployment. This report provides an overview of AWS Directory Service and Identity and Access Management.

Cyber Security risk management needs to move up from the traditional IT areas of firewalls and anti-virus software management to the Executive and the Board level as the business risk of security failings in today’s information driven economy escalate. It is no longer just a technical issue. Investment must be put into place to address this growing threat.

Evidian Identity & Access Manager is an integrated solution for Identity Provisioning and Access Governance. It provides strong capabilities in these areas and excellent integration into the Evidian products such as Enterprise Single Sign-On.

VMware Identity Manager bridges the gap between IT Service delivery and access to applications. Available as both an on-premise and a cloud solution, VMware Identity Manager delivers instant SSO to a broad variety of applications.

From 2013 to 2014 data breaches nearly doubled. Well known consumer brands, financial institutions, retail chains and government agencies have all been affected. Organisations need to rethink or strengthen their data privacy strategies to cope with this rising threat. Lack of action and well thought out risk management and stakeholder management plans may subject your organisation to…

Today’s diverse and rich identities are major assets for virtually every organization. Maintaining and ensuring an adequate level of Identity Information Quality is essential for leveraging identity information as the basis of operational and business processes.

Managing access to data held in databases is becoming increasingly important. We need a way to mask sensitive data from those who should not see it and deliver content those who should. We also need to do this dynamically, removing access on a real-time basis as user authorization changes.

Digital Transformation is on its way. Unstoppable, inevitable, with increasing speed. Organizations have to react, in particular for avoiding unpredictable risks. Digital Risk Mitigation is a key success factor in the digital transformation of businesses.

The European Identity Award 2015 for “Best IAM Project”: a strong example of an IAM solution encompassing not only the employees of the organization and its HQ, but also supporting a decentralized organization as well as the extended enterprise.

The Balabit syslog-ng product family provides technologies that allow collecting, processing, and analyzing log events from a variety of different sources, going well beyond the standard syslog component. The products are both relevant as complement and replacement of standard SIEM solutions.

ForgeRock OpenAM provides a comprehensive offering for managing access, beyond traditional Web Access Management and Identity Federation, adding support also for e.g. connected things and a variety of other capabilities, providing high scalability supporting the requirements of the emerging field of Identity Relationship Management (IRM).

Changing enterprise infrastructures and the overall growing threat level influence the security of all vital business-supporting systems and processes. Identifying the priorities for securing your SAP infrastructure and maintaining appropriate security is a continuous business and governance challenge.

In today’s environment, with so many demands on identity information, an advanced identity provider service is required that can integrate disparate technology and bridge mature identity management environments to the new requirements of Cloud services, mobile device management and the Internet of things.

The European Identity Award 2015 for “Best IAM Project”: a strong example of an IAM solution encompassing not only the employees of the organization and its HQ, but also supporting a decentralized organization as well as the extended enterprise.

In approaching the selection of a vendor for the provision of secure information sharing solution it is important to take an information lifecycle approach whereby the processes around data generation, its transformation and classification, as well as data storage and data destruction, are well defined. This requires policy to be established to advise on the proper location of records,…

This report provides an overview and analysis of the market for Access Control & Access Governance Solutions for SAP environments. By adding the right Access Control components to their SAP infrastructure, organizations can significantly improve enterprise risk management and corporate compliance with applicable laws and regulations. This report provides you with a compass to help you…

This report provides an analysis of the market for API Management solutions with a strong focus on security features. Rapidly growing demand for publishing and consuming APIs, which creates new business models and communication channels, has introduced new security challenges. This Leadership Compass helps you find the best solution that addresses your requirements, while maintaining the…

This report provides an overview of HP Helion Managed Virtual Private Cloud together with an assessment of the security and assurance provided in respect of five critical risks faced by a cloud customer.

This report provides an overview of VMWare vCloud Air Infrastructure as a Service together with an assessment of the security and assurance provided in respect of five critical risks faced by a cloud customer.

EIC Award 2015 for Best Access Governance / Access Intelligence Project: Implementation of a large-scale, state-of-the-art Access Management and Access Governance project improving the bank’s compliance and efficiency while transitioning to “IAM as a Service” as a modern Business Process Outsourcing model.

Oracle Privileged Account Management (OPAM) is a secure password management solution for generating, provisioning and controlling access to privileged account credentials, as well as administrative session management and recording. It is one of the key components of the Oracle Identity Governance suite.

Integrate Digital Business Strategy and Information Risk Management into your organization for IT and business. Create a new type of collaborative organization, enabling the sustainable and risk-driven development of strategies for the Digital Enterprise.

ITMC, a Danish vendor, delivers a comprehensive solution for Identity Provisioning and Access Governance with its IDM365 product. The product works in a task-centric way with a modern UI, backed by ITMC’s long experience in implementing IAM&IAG in an efficient way.

Telco operators are encountering challenges and opportunities that are shaping the future direction of communications. Faced with the erosion of revenues from the rapid encroachment of the OTT (over-the-top) players into their traditional market strongholds, operators are realising that data represents their most significant asset to provide added value to their customers in the…

GlobalSign, one of the world’s biggest certificate authorities, and a leading provider of identity services, recently acquired Ubisecure, a Finnish privately held software development company specializing in Identity and Access Management (IAM) solutions. Ubisecure’s leading IAM solutions coupled with GlobalSign’s authentication expertise and world-wide reach create a…

Forum Sentry API Gateway is an integrated solution for API and service security, access management and threat protection with a strong focus on “security by design”, certified encryption, and comprehensive support for API formats and protocols.

Seclore with its FileSecure product provides an offering in the emerging market for Secure Information Sharing. Seclore FileSecure allows securely sharing and tracking documents within and beyond the organization, with a specific emphasis on securely sharing information in external collaboration.

Identity Automation’s RapidIdentity is a streamlined solution covering key functions of Identity and Access Management & Governance in an integrated offering. A particular strength is the strong out-of-the-box support for common requirements in that area.

ObserveIT provides a comprehensive solution for monitoring user activity across the enterprise. The product operates primarily based on agents that can be deployed across a variety of platforms. It provides detailed user behavior analysis and live session response.

FSP Identity Governance & Administration Suite is a solution for managing the identity and access lifecycle, thus serving the market segment for Identity Provisioning and Access Governance. A particular strength of the product is its combination of role-based and policy-based access controls into a single solution.

iWelcome delivers Identity and Access Management as a Service. The company, based in the Netherlands, runs all services from data centers located within the EU and covers a broad set of features for both managing identity and access for cloud and on-premise services.

Oracle Identity and Access Management Suite is a comprehensive suite of products for the core areas of IAM&IAG, i.e. Identity Provisioning and Access Governance. It benefits from a well thought-out architecture and continuous improvements in integration and functionality.

Avencis SSOX is an Enterprise Single Sign-On solution with a focus on flexible strong authentication and mobile device support. Combined with Avencis’ own IAM platform, it provides a foundation for a long-term Identity and Access Management strategy for any organization.

As businesses both small or large become increasingly dependent on cyber space, errors and slip-ups in managing its security can have significant, sometimes destructive, consequences. In the past mistakes could be overlooked but today they could get you fired.

Amazon Web Services (AWS) offers a broad set of over 40 services including compute, storage, database, analytics, application, and deployment. This report provides an overview of the security and assurance aspects of these services.

IBM SoftLayer provides infrastructure services direct to customers and is also the foundation for many of IBM’s cloud services such as BlueMix. The SoftLayer platform is able to provide “bare metal” access to computing resources resulting in high performance. This report provides an overview of the security and assurance aspects of these services.

Cyber threats are leaving large and well established businesses exposed to significant business risks, such as damage to brand and reputation, and large financial fines. This document discusses the most critical threats and the tactical countermeasures that can help organisations understand and counter these threats.

This report provides an overview of Rackspace Managed Cloud Hosting services together with an assessment of the security and assurance provided in respect of five critical risks faced by a cloud customer.

This report provides an overview and analysis of the market for Infrastructure as a Service (IaaS). IaaS provides basic computing resources that the customer can use over a network to run software and to store data. This report provides you with a compass to help you to find the IaaS service that best meets your needs.

Imprivata OneSign® is an integrated authentication and access management solution with a strong focus on the healthcare industry. It provides fast and secure access to workstations, virtual desktops and applications by combining strong authentication with enterprise single sign-on.

Enterprise Role Management and Access Governance are at the core of today's IAM systems to achieve efficient administration processes and compliance with regulatory requirements. Costly processes for the design and maintenance of large role-based projects and for extensive annual recertification campaigns demand a next generation approach to Access Governance.

Digital business strategies require up-to-date and reliable customer identities. They are essential to target your marketing, to adjust the design of your products and services, to increase your earnings and to create long-term relationships with your customers.

Oracle Database Vault is a specialized Privileged Access control solution for securing Oracle databases. It allows defining of different areas, called “realms”, within a database environment which can be used to protect application data from unauthorized access. Oracle Database Vault comes pre-installed by default with Oracle Database 12c.

Standards are the distilled wisdom of people with expertise in their subject matter. A CISO should know which standards are relevant to the organization and choose which should be used internally and by external product and service providers.

The Digital Transformation of business is on its way. However, success in monetizing the Digital Transformation will not be based merely on selling things. It also requires a change in business models.

BeyondTrust PowerBroker Auditor Suite is a set of auditing tools for Windows environments. Together they provide a unified real-time insight and an audit trail for file system, SQL Server, Exchange and Active Directory access and changes.

SecureAuth IdP combines cloud single sign-on capabilities with strong authentication and risk-based access control while focusing on both internal and external users that want to access to both on-premise and cloud services...

RSA Archer by RSA, The Security Division of EMC is a full-featured GRC-framework providing an enterprise-wide, systemic approach to implementing Governance, Compliance and Risk Management. With its platform approach it can be continuously adapted to maturing GRC-strategies towards risk-orientated business processes...

Sharing information securely is becoming increasingly important within companies, be it to protect intellectual properly, meet regulatory requirements for privacy or simply to avoid embarrassing leaks of proprietary information. While it is easy to stop access to documents and files, it is much harder to manage sharing such information. Shared Information Security is a topic within Cyber…

There is an increasing number of documents purporting to advise on how to migrate to an Attribute-Based Access Control environment. The real requirement is for Adaptive Policy-based Access Management. Here are some tips...

ARCON is a privately held technology company established in 2006 in London with research & development headquartered in Mumbai, India. Originally founded as a provider of enterprise risk solutions, the company has expanded its portfolio over the years and currently offers products for automated risk control, real-time risk assessment and privileged identity management. ARCON…

A survey on the awareness of digital risks and security risks run and compiled by KuppingerCole. Providing insight into the current perception of digital and security risks, complemented with analysis and recommendations by KuppingerCole.

SAP Cloud User and Access Management solution for simple onboarding of external users in B2B and B2C scenarios and for managing access of all types of users to cloud services, run on the SAP HANA platform.

The problem of enterprises grappling with large multiple data and information systems is nothing new. What has changed are the internal and external market expectations, the new technology choices and the constraints and opportunities provided by emerging regulations. Take a deep breath and really get to grips with what is needed and what is achievable.

NetIQ Access Manager is an example of an integrated Access Management and Identity Federation solution. In fact, NetIQ has been the first vendor to combine federation functionality with web access management features, thus providing a completely integrated solution based on a solid consistent architecture. Initially released in 2006, the product includes Single Sign-On for web…

i-Sprint Innovations is a vendor of Identity, Credentials and Access Management solutions based in Singapore. Established in 2000, i-Sprint is focusing on providing solutions for financial industry and other high security environments. Since 2011, the company is a wholly owned subsidiary of Automated Systems Holdings Ltd. Backed by Chinese investors, i-Sprint has a significant presence,…

Take a pro-active rather that re-active approach to the adoption of Cloud services. Plan your move to the Cloud taking a strategic view of your requirements, processes and deployment options. Make the Cloud perform for you - not the other way around.
The question posed in the title of this Advisory Note is rhetorical. The move to the Cloud is inevitable and to be embraced, not only for…

Centrify is a US based Identity Management software vendor that was founded in 2004. Centrify has achieved recognition for its identity and access management solutions for web and cloud-based applications, as well as management for Mac and mobile devices and their apps. The company is VC funded and has raised significant funding from a number of leading investment companies. The company…

There are three major trends driving the adoption of Gateway solutions: Proliferation of inter-connected devices, The need for “bring-your-own-device” (BYOD) support and Migration to Cloud services. The economic imperative to move our databases and applications to the Cloud is strong, but we need the tools to ensure we can protect our resources in the Cloud better than we can…

2014

The GRC triumvirate (Governance, Risk and Compliance) have long been mainstays of Identity Management (IdM). In fact, IdM has mutated into Identity and Access Management (IAM) as well as Identity and Access Governance (IAG). Access Governance remains one of the fastest growing market segments in that broader IAM/IAG market.Over the past few years, the field of Access Intelligence,…

The vision for the Internet of Everything and Everyone is for more than just an Internet of Things; it makes bold promises for the individual as well as for businesses. However the realization of this vision is based on existing systems and infrastructure which contain known weaknesses.

Leaders in innovation, product features, and market reach for IAM/IAG Suites. Integrated, comprehensive solutions for Identity and Access Management and Governance, covering all of the major aspects of this discipline such as Identity Provisioning, Federation, and Privilege Management. Your compass for finding the right path in the market.

Audits are a must for any organization. The massively growing number of ever-tighter regulations in the past years and the overall growing relevance and enforcement of Corporate Governance and, as part of it, Risk Management, has led to an increase in both the number and complexity of audits. These audits affect all areas of an organization, in particular the business departments and IT.…

The cloud provides an alternative way of obtaining IT services that offers many benefits including increased flexibility as well as reduced cost. This document provides an overview of the approach that enables an organization to securely and reliably use cloud services to achieve business objectives.

KuppingerCole Maturity Level Matrixes for the major market segments within IAM (Identity and Access Management) and IAG (Identity and Access Governance). Foundation for rating the current state of your IAM/IAG projects and programs.

Both Cloud computing and Identity and Access Management (IAM) can trace their beginnings to the late 1990’s.
Cloud computing began as “web services” then developed into Software as a Service (SaaS) later expanding to cover areas such as Platform as a Service (PaaS) and Infrastructure as a Service (IaaS) even, within the last couple of years, Identity as a Service…

Some years ago IBM brought out a brilliant product in the Tivoli Security Policy Manager (TSPM), a tool to centralize policy administration for access control solutions. It was IBM’s first foray into attribute-based access control and provided a “discrete” externalized authentication tool to service multiple “relying” applications. It was released under the very successful Tivoli branding…

In some form, Privilege Management (PxM) already existed in early mainframe environments: those early multi-user systems included some means to audit and control administrative and shared accounts. Still, until relatively recently, those technologies were mostly unknown outside of IT departments. However, the ongoing trends in the IT industry have gradually shifted the focus of…

Oracle Audit Vault and Database Firewall monitors Oracle databases and databases from other vendors. It can detect and block threats to databases while consolidating audit data from the database firewall component and the databases themselves. It also collects audit data from other sources such as operating system log files, application logs, etc...

In contrast to common application servers, WSO2 provides a more comprehensive platform, adding on the one hand features such as event processing and business rule management, but on the other hand also providing strong support for security features. The latter includes WSO2 API Manager, which manages API (Application Programming Interface) traffic and thus supports organizations in…

Druva’s approach to information protection is quite unique among traditional solutions, since instead of maintaining a centralized data storage and enabling secure access to it from outside, inSync maintains a centralized snapshot of data backed up from all endpoints and operates on this snapshot only, leaving the original data on endpoints completely intact. Having its roots in a…

The word risk is in common use and means different things to different people. This range of use of the word risk makes for potential misunderstandings. This is especially the case where IT related risks are being discussed in a business context. This report is intended to introduce IT professionals to the concepts of risk management.

BalaBit IT Security was founded in 2000 in Hungary, and their first product was an application layer firewall suite called Zorp. Since that time, BalaBit has grown into an international holding headquartered in Luxembourg with sales offices in several European countries, the United States and Russia and a large partner network. The company has won widespread recognition in the Open…

Symantec was founded in 1982 and has evolved to become one of the world’s largest software companies with more than 18,500 employees in more than 50 countries. Symantec provides a wide range of software and services covering security, storage and systems management for IT systems. Symantec has a very strong reputation in the field of IT security that has been built…

Leaders in innovation, product features, and market reach for Cloud User and Access Management. Manage access of employees, business partners, and customers to Cloud services and on-premise web applications. Your compass for finding the right path in the market.

The Cloud IAM market is currently driven by products that focus on providing Single Sign-On to various Cloud services as their major feature and business benefit. This will change, with two distinct evolutions of more advanced services forming the market: Cloud-based IAM/IAG (Identity Access Management/Governance) as an alternative to on-premise IAM suites, and Cloud IAM solutions that…

Centrify is a US based Identity Management software vendor that was founded in 2004. Centrify has achieved recognition for its identity management and auditing solutions including single sign-on service for multiple devices and for cloud-based applications. The company is VC funded and has raised significant funding from a number of leading investment companies. The company as of today…

In a press release on June 26 th , the European Commission announced the publication of new guidelines “to help EU businesses use the Cloud”. These guidelines have been developed by a Cloud Select Industry Group as part of the Commission’s European Cloud Strategy to increase trust in these services. These guidelines cover SLAs (Service Level Agreements)…

There is a growing demand from organizations for tighter communication and collaboration with external parties and, in some cases, customers. At the same time the rapid growth of cloud services is driving the need for robust and flexible authentication solutions. As the network boundary fades, access management becomes increasingly important for agile organizations and drives the need…

Big Data is often characterized by three properties: there is now an enormous quantity of data which exists in a wide variety of forms and is being generated very quickly. These properties are usually referred to as volume, velocity and variety. However there are two other important properties that are sometimes ignored these are value and veracity. These latter properties can only be…

NetIQ is part of the Attachmate Group, which consists of a number of business units, including Novell and Attachmate. NetIQ is the entity, which now markets the former Novell Identity and Access Management products. The core product of NetIQ today is NetIQ Identity Manager, formerly known as Novell Identity Manager. NetIQ is consequently executing a roadmap of innovation and improvement…

CA SiteMinder® in conjunction with CA SiteMinder® Federation provides secure single sign-on and access management to Web applications and Web services either on-premise, at a partner’s site or in the cloud, from a web browser or a mobile device.

EmpowerID was founded in 2005. The company initially was called The Dot Net Factory. Over the years, EmpowerID grew from a vendor of point solutions for administration of Windows Server and Microsoft Server products to providing an integrated platform that covers a large breadth of IAM/IAG (Identity and Access Management/Governance) features.
EmpowerID in 2013 announced a new release…

Thycotic is one of the newer vendors in the market segment of Privilege Management. Previously they had been a vendor of various point solutions for system management. Aside from their core product Secret Server, Thycotic still develops and sells two other products which focus on specific administrative tasks.
In contrast to several other vendors, all research, product…

Detecting and managing attacks on IT systems is becoming a serious problem. Cyber criminals are using increasingly sophisticated techniques to infiltrate organizational IT systems to commit crimes including data theft, denial of service and blackmail. However, statistics show that most data breaches are detected by agents outside of the organization rather than internal security tools.…

Dynamic Authorization Management is arguably the most exciting area in identity and access management today. It is the way in which organizations leverage their identity and access management environment to control access to restricted resources. Access control to file shares, network subnets, document repositories and applications can now be made in real-time by a centrally-managed…

Most organizations have Microsoft Active Directory in place. The Active Directory (AD) builds the foundation of their on-premises infrastructure for managing users, performing their primary network authentication and authentication to AD-integrated applications such as Microsoft Exchange Server, and some network infrastructure services including client configuration management based on…

The Beta Systems Software AG (Beta Systems) SAM Enterprise Identity Manager belongs to the category of enterprise provisioning systems with integrated access governance functions. Its core function is to reconcile identity information among different systems based on defined processes and connectors to the target systems in a structured, automated and traceable manner...

This blueprint aims to provide an overview of IAM/IAG to the informed user, helping them to better understand the “big picture” of IAM, including technologies such as Identity Provisioning, Access Governance, strong- and risk-based authentication and authorization and Access Management. Within this broad set of technologies, there is ongoing change and evolution. Access…

EIC, the European Identity & Cloud Conference, took place for the 8 th time in Munich May 13 th to 16 th , 2014. The conference focuses on Information Security and Privacy. It covers a broad range of topics in four parallel tracks, complemented by parallel roundtables, pre-conference and post-conference workshops.
This report, based on the feedback of KuppingerCole analysts Amar…

Identity and Access Management (IAM) is in constant flux. The merging into IAM of Access Governance and Access Control is a relatively new phenomenon with a high rate of growth. Based on new offerings and changing demand, KuppingerCole predicts several major changes in that market.
We specifically identified the following areas where we see major change coming to IAM systems in the…

Extending your current Access Management infrastructure gradually to support the emerging requirements of the new ABC – Agile Businesses: Connected – with a standard infrastructure. Supporting Cloud Services, APIs, and more.

Organizations depend upon the IT systems and the information that they provide to operate and grow. However the information that they contain and the infrastructure upon which they depend is under attack. Statistics show that most data breaches are detected by agents outside of the organization rather than internal security tools. Real Time Security Intelligence (RTSI) seeks to remedy this.

How authentication and authorization have to change in the days of the Computing Troika (Cloud Computing, Mobile Computing, Social Computing), the API Economy, and the New ABC: Agile Businesses – Connected.

Cloud services are built using a technical architecture that may include both proprietary and standard protocols and interfaces. Many of these standard protocols and interfaces are already available and indeed form the basis of cloud connectivity. However the services themselves have significant proprietary content and this can make the costs of changing provider high. This document…

Cloud-based IAM (Identity and Access Management) is one of the emerging markets within IAM in particular and Information Security in general. Within the broader Cloud IAM market, we observe a number of solutions that are focused on specific capabilities, such as providing a Single Sign-On experience to users. However, the tendency is towards offering more comprehensive solutions that go…

Omada, a Danish vendor, started as a provider of advanced Identity and Access Management solutions and services back in 2000. The core product of the company is its Omada Identity Suite. Omada focuses on adaptable business-centric and collaborative features such as workflows, attestation and advanced access analysis, role management, reporting, governance and compliance and application…

Cloud-based IAM (Identity and Access Management) is one of the emerging markets within IAM in particular and Information Security in general. Within the broader Cloud IAM market, we observe a number of solutions that are focused on specific capabilities, such as providing a Single Sign-On experience to users...

While relatively new to the Identity marketplace, Dell has a long history in technology far exceeding most of its competitors. Its world-wide presence dwarfs most of its competition and includes resellers, VARs and system integrators with a strong knowledge and much experience of the product lines acquired by Dell through the acquisition of Quest Software.
The identity and access…

There can be many reasons to why a business embarks on a journey to improve its Information Security. There is however one reason which consistently recurs: “Because the auditors says that we need to…”
Regulatory requirements include penalties for non-compliance but this often creates a tick-box approach to compliance, rather than a considered, strategic view. Where…

Enterprise Single Sign-On (E-SSO) is a well-established technology. Despite all progress in the area of Identity Federation, E-SSO is also still a relevant technology. This is also true in the light of the growing number of Cloud-SSO solutions that manage access to cloud applications, both on-premise and cloud-based approaches but targeted on Single Sign-On to Cloud apps. However, in…

Access Governance is about the governance and management of access controls in IT systems and thus about mitigating access-related risks. These risks include the stealing of information, fraud through changing information, and the subverting of IT systems, for example in banking, to facilitate illegal actions, to name just a few. The large number of prominent incidents within the last…

Enterprise Single Sign-On (E-SSO) is a well-established technology. Despite all progress in the area of Identity Federation, E-SSO is also still a relevant technology. This is also true in the light of the growing number of Cloud-SSO solutions that manage access to cloud applications, both as on-premise and cloud-based approaches but also as targeted Single Sign-On to Cloud apps.…

Identity Provisioning is still one of the core segments of the overall IAM market. Identity Provisioning is about provisioning identities and access entitlements to target systems. This includes creating and managing accounts in such connected target systems and associating the accounts with groups, roles, and other types of administrative entities to enable entitlements and…

Enterprise Key and Certificate Management (EKCM) is made up of two niche markets that are converging. This process still continues, and as with all major change of IT market segments, is driven by customer requirements. These customer requirements are driven by security and compliance needs. Up until recent times, compliance has been the bigger driver, but increasingly in the days of…

NextLabs is a US-based vendor with headquarters in San Mateo, CA, and a strong footprint as well in the APAC (Asia/Pacific) region. The company focuses on what they call “Information Risk Management”. In fact, the focus is more on Information Risk Mitigation, i.e. practical solutions allowing better protection of critical information...

VASCO is a vendor in the Authentication Management market which provides solutions for strong authentication, electronic signing & digital signing. They are known for their broad range of hardware tokens for authentication & signatures and complementary software solutions.
In contrast to most other vendors who present single-purpose (or single-method) authentication…

The Cloud IAM market is currently driven by services that focus on providing Single Sign-On to various Cloud services as their major feature and business benefit. This will change, with two distinct evolutions of more advanced services forming the market: Cloud-based IAM/IAG (Identity Access Management/Governance) as an alternative to on-premise IAM suites, and Cloud IAM solutions that…

Access Governance is about the management of access controls in IT systems and thus about mitigating access-related risks. These risks include the theft of information, fraud through changes to information, and the subversion of IT systems - for example in banking - to facilitate illegal actions, to name just a few. The large number of prominent incidents within the last few years proves…

Migrating an existing provisioning system always becomes a red-hot topic once a vendor becomes acquired by another vendor. In these situations - like the acquisition of Novell by NetIQ, of Völcker by Quest Software, of Waveset by Sun Microsystems and then Sun Microsystems by Oracle and all the other acquisitions we’ve seen in the past - customers become anxious regarding the…

Unlike the majority of their competitors, Venafi came from an ECM background to become a market leader in their field. Their main competition evolved from EKM devices and HSM manufacturers’ acquisition and consolidation of products.
As a result Venafi has a well-developed software solution in the EKCM space which has all of the functionality that would be expected from a niche…

Enterprise Single Sign-On (E-SSO) is a well-established technology. Despite all progress in the area of Identity Federation, E-SSO is also still a relevant technology. This is also true in the light of the growing number of Cloud-SSO solutions that manage access to cloud applications, both on-premise and cloud-based approaches but targeted on Single Sign-On to Cloud apps. However, in…

Dynamic Authorization Management for applications based on centrally managed policies, enforced at runtime. Support for existing applications, without any code changes, through the Oracle API Gateway...

Smart information is big data analyzed to provide answers to business questions. SAP HANA is the new runtime backend for SAP Enterprise Applications. It provides high performance database through “in-memory” processing and storage and is especially suited for instant analytics on the data managed by these applications. It also includes integration with other sources of…

Why Identity Federation, Cloud IAM, and API Management help organizations in meeting their business needs for agile business processes that connect the organization to their business partners and customers and manage access to Cloud applications. The need for a new organizational structure for IT. How to find the balance between pressing business demands and Information Security and…

Secude is a Swiss-based vendor with a long history in Information Security. Among other accomplishments, they developed today’s SAP NetWeaver Single Sign-On product that then was acquired by SAP and became part of SAP’s own security portfolio...

A business-driven approach to Access Governance, based on business processes and access risk. Supporting fine-grained SoD analysis for all environments, with strong support for SAP. Combining Access Governance and Dynamic Authorization Management. Providing connectivity to target systems based on direct connectors and through legacy Identity Provisioning systems...

CA Technologies is amongst the largest infrastructure software vendors worldwide. They offer a broad portfolio of products in the IAM market segment, including CA IdentityMinder™ (formerly CA Identity Manager) as their solution for Identity Provisioning. IdentityMinder™ is built on tools CA Technologies has developed and acquired over time. The current version is well…

SAP HANA is the new runtime backend for SAP Enterprise Applications, and is especially suited for instant analytics on the data managed by the applications. This Executive View presents an overview on the security of SAP HANA and gives recommendations on how to address potential weaknesses...

Industry networks for secure collaboration are not a new thing. The evolution of these networks started back in the late ‘90s for some industries. While the initial focus sometimes was more about B2B marketplaces, enabling secure collaboration and managing the identities of the participants in the industry network quickly became the center of attention for these solutions.

SecureKey Technologies provides cloud-based, trusted identity networks that enable organizations to deliver online services securely to consumers. SecureKey offers a suite of cloud based services for consumer and citizen authentication under the trademarked name of briidge.net™. There are two principal services: briidge.net Exchange which uses identity federation to allow consumers…

Secure Information Sharing is the number one challenge these days in Information Security. Organizations on the one hand must enable flexible collaboration with business partners as part of their evolution towards agile, connected businesses. On the other hand, the increasing Information Security challenges and compliance requirements put more pressure on protecting information, including IP...

Akamai is a software platform, originally built on Linux, and able to run on commodity hardware. According to Akamai’s own metrics, at any one time between 15% and 30% of web traffic is going between Akamai servers. It is not a separate network, running as it does over the Internet using the same backend connections, but it is resilient, and lessens traffic between Internet nodes.…

The Leadership Compass shows that Enterprise Single Sign-On is a rather mature market. Especially in the areas of Product Leadership and Innovation Leadership, many vendors are leading-edge and competing head-to-head. This is good news for customers, allowing them to choose from a range of mature products that suit their needs. As always, however, it is about the details. Some solutions…

This Leadership Compass provides an overview and analysis of the Privilege Management market segment, sometimes referred to as Privileged Identity Management, Privileged Account Management, etc. Technologies typically support Privilege Management as a password repository approach (commonly called “vault”), with some form of proxy/gateway to record RDP Sessions, while logging…

Brainwave is a French vendor and their product Brainwave Identity GRC is focused on what they describe as identifying and mitigating the user risks. Compliance is an important driver for the acquisition of IAM technology and Brainwave Identity GRC is focused squarely on this need. It provides very strong capabilities in this area, allowing customers to efficiently and quickly analyze the…

Directory Services, Identity Federation, and Access Management from the Cloud in a single integrated solution. Extend your Active Directory infrastructure to the Cloud and manage business partners, customers, and Cloud service access in a combined service.

Information security in general and identity management in particular have become a critical, more and more sophisticated, and costly component for almost every online service. Developers must either invest a lot of effort to implement and maintain it or integrate a third party solution. Currently, the market for such solutions is very large and mature, but solutions from traditional…

Life Management Platforms (LMPs) combine personal data stores, personal cloud-based computing environments, and trust frameworks. They allow individuals managing their daily life in a secure, privacy-aware, and device-independent way. In contrast to pure personal data stores, they support concepts, which allow interacting with other parties in a meaningful way without unveiling data. This…

CA Technologies acquired Eurekify, a leading provider of role mining and role engineering, in November 2008. Using that technology, CA Technologies has built the current product CA GovernanceMinder. The product is tightly integrated with CA IdentityMinder™, the Identity Provisioning product provided by CA Technologies, and follows the same architectural and user interface paradigms.…

Identity, Security, and Risk Management as part of a broad solution portfolio. Well thought out IAM and IAG Business Case solution instead of a purely technical one. Choice of on-premise or cloud-based platform allows complete solution for all size businesses...

Smart information is big data analyzed to provide answers to business questions. Oracle provides a range of integrated software and hardware tools needed to acquire and analyze big data into smart information. These tools have a particular focus on enterprise concerns including information security and the exploitation of the masses of data already held within corporate data warehouses.

This report provides an overview and analysis of the market for Infrastructure as a Service (IaaS). IaaS provides basic computing resources that the customer can use over a network to run software and to store data. This report shows that there is a range of IaaS service providers with strengths in various areas.

Adaptive Authentication uses risk-based policies to evaluate a user’s login and post-login activities against a range of risk indicators. Systems then ask for additional assurance of the users’ identities when a risk score or policy rules are violated. This risk and context-based authentication and authorisation methodology provides transparent authentication for the majority…

Prepare your IT Organization for the major evolutions affecting every business. Become ready to deal with today’s and tomorrow’s approaches to Cloud Computing. Build a competitive on-premise IT if you still need on-premise IT (and most will). Stay in control of your Business Services, IT Services, and Information Security.

EmpowerID was founded in 2005 and is based out of Dublin, Ohio. EmpowerID was previously known as a niche player, with products like the Active Directory (AD) Self-Service Suite, which provides web-based white pages and password reset for AD...

SafeNet’s Comprehensive data-centric security portfolio looks at business cases instead of solely technical solutions, and extends protection and ownership across the data lifecycle as it is stored, created, shared, accessed,and moved. The organisation looks forward to future-state virtual and Cloud deployments at the same time as making it possible integrate with current-state architectures.

Despite being one of the more traditional and well-established areas of Identity and Access Management (IAM), and despite the fact there is still an obvious business benefit and quick-win potential in Enterprise Single Sign-On (E-SSO) there are still many organizations that have not deployed an E-SSO solution.
Enterprise Single Sign-On (E-SSO) is a well-established technology. Even…

IBM offers a range of cloud products and services that include Infrastructure as a Service, Platform as a Service and Business Process as a Service under the SmartCloud™ brand. IBM recently acquired SoftLayer Technologies Inc, and at the same time announced the formation of a new Cloud Services division. This executive view provides an overview of IBM SmartCloud IaaS and…

With the growing demand of business for tighter communication and collaboration with external parties such as business partners and customers, IT has to provide the technical foundation for such integration. Web Access Management and Identity Federation are key technologies for that evolution. They enable organizations to manage access from externals and to external systems, including…

Securing your business against industrial espionage is about knowing your competitors and stopping your IP getting into their hands. In a Cloud environment you need to be considering all of the risks around Cloud provision, conflicts of interest, legal environments in remote locations, and of course having a third party processing and controlling your most sensitive information.
A…

One of the most important consequences of the ongoing trend of IT consumerization driven by growing adoption of mobile and cloud computing has been the exponential growth of the number of identities businesses and consumers have to deal with. Unfortunately, as the number of ways for individuals and businesses to interact over the Internet is growing, controlling and securing these…

Threats to critical National technical infrastructure such as Finance, Energy, Telecommunications and Government are a result of human nature, although difficult to treat in the abstract, technical controls can be applied to prevent, detect and resist attempts to subvert...

Ping Identity is a specialized vendor focusing on Identity Federation and related use cases. Ping calls this “Identity Bridges”. Their portfolio consists of two offerings: PingFederate is their enterprise solution for standards-based federated identity management; while PingOne provides cloud-based single sign-on to public and private cloud applications; and cloud-based SSO…

There are various approaches to tackle the BYOD challenge, from MDM (Mobile Device Management) to specialized, secure apps - for instance for email - virtualization approaches on mobile devices, and network security. However, despite the vendor promises there is no single solution that addresses all the challenges of Mobile Security Management.
F5, a leading provider of what they call…

Joyent offers a range of cloud services that are built on technology that Joyent has engineered rather than on generic virtualization technology. This is claimed to provide greater flexibility, resilience, and performance for cloud customers and their applications. This executive view provides an overview of these services focused on their security and assurance aspects.

KuppingerCole as an analyst company regularly does evaluations of products and vendors. The results are, amongst other types of publications and services, published in the KuppingerCole Product Reports and KuppingerCole Vendor Reports...

CloudSigma is a pure IaaS provider and the CloudSigma platform is built on the Linux KVM hypervisor. The CloudSigma platform provides a number of interesting features including persistent storage for each VM, disk encryption by default, and automatic redundancy and failover. This executive view provides an overview of the CloudSigma platform focused on its security and assurance aspects...

In April 2013 McAfee announced the addition of several products addressing Identity and Access Management to its Security Connected portfolio. The products that were previously developed and sold by Intel include McAfee Cloud Single Sign On and McAfee One Time Password. In addition to the products McAfee also introduced the new McAfee Identity Centre of Expertise, which is staffed with…

Salesforce.com is best known as the provider of a cloud based CRM system. Salesforce also provides a platform which can be used to develop and deploy cloud based applications. This executive view provides an overview of this platform focused on the security and assurance aspects...

With the Expressway API Manager, Intel is attempting to define a new category of platform. It refers to this new platform as a “Composite Platform” designed to expose APIs to business partners and internal or external developers.
The Expressway API Manager platform has a strong set of API management capabilities including developer on-boarding and lifecycle management,…

The HP Virtual Private Cloud Service offering from HP Enterprise Services is one of the members of the HP Converged Cloud Strategy within the HP Managed Cloud Service Offering family. This provides everything needed to run applications and to access them securely over a network. This executive view provides an overview of these services focused on their security and assurance…

Amazon Web Services (AWS) provides computing infrastructure that enables organizations to obtain computing power, storage, and other on-demand services in the cloud. This executive view provides an overview of these services focused on their security and assurance aspects...

Detecting and managing covert attacks on IT systems is becoming a serious problem. Cyber criminals are using increasingly sophisticated techniques to infiltrate organizational IT systems to commit crimes including data theft, denial of service and blackmail. IBM Security Intelligence with Big Data is a set of products and services that are intended to respond to these…

Omada, a Danish vendor started as supplier of advanced Identity and Access Management capabilities in year 2000.
Today Omada has, in addition to its IAM capabilities, established itself as a vendor for IAG (Identity and Access Governance), providing compliance, overview and control across multiple platforms.
The company has grown through the last decade from providing IAM solutions…

KuppingerCole has bestowed the KuppingerCole European Identity Awards since 2008 in recognition of excellent projects in the area of Identity and Access Management (IAM), GRC (Governance, Risk Management, and Compliance), and Cloud Security. This report gives a brief overview of the project performed at EVRY ASA, a leading IT system integrator and service provider based in Norway.
The…

In April 2013 McAfee announced the addition of Identity and Access Management solutions to its Security Connected portfolio. The products that were previously developed and sold by Intel include McAfee Cloud Single Sign On and McAfee One Time Password. In addition to the products McAfee also introduced the new McAfee Identity Center of Expertise, staffed with experts in identity and cloud…

European Identity Award 2013 for „Best Innovation/New Standard in Information Security”: A new standard that rapidly gained momentum and plays a central role for future concepts of Identity Federation and Cloud Security.

Special Award 2013 for „Bridging the organizational gap between Business and IT”: A project that was far above average when it comes to Business/IT Alignment, by successfully setting up a framework of guidelines and policies plus the required organizational entities and rolling this out into a global organization.

European Identity Award 2013 in category „Best Access Governance and Intelligence Project”: Holistic IAM/IAG approach following new architectural concepts and enabling Dynamic Authorization Management based on business rules.

Special Award 2013 for „Rapid Re-Design and Re-Implementation of the Entire IAM”: Moving from a traditional, Active Directory-centric environment to full HR integration on a global scale and full support for automated provisioning, based on a clearly defined roadmap for further improvement.

European Identity Award 2013 in category „Best Access Governance and Intelligence Project”: Implementing cross-divisional SoD rules on a global scale at business level, with full integration into the existing Access Governance solution.

Big Data is characterized by three properties: there is now an enormous quantity of data which exists in a wide variety of forms and is being generated very quickly. However, the term “Big Data” is as much a reflection of the limitations of the current technology as it is a statement on the quantity, speed or variety of data. The term Big Data needs to be understood as data…

Big Data provides many opportunities to solve emerging business challenges and Big Data technologies can create business value. However Big Data also creates security challenges that need to be considered by organizations adopting or using Big Data techniques and technologies. This paper outlines the information security risks involved in Big Data and recommends the responses to these…

As in the past years, KuppingerCole has worked out the Top Trends in IAM/IAG (Identity and Access Management/Governance), Cloud Computing, and Information Protection and Privacy. The most important trends are the massive increase in demand for support of the “Extended Enterprise” in IAM/IAG, the cloud stratification in various layers, increasing threats imposed by the rise of…

Identity and Access Management (IAM) is a holistic approach to managing identities (both internal and external) and their access within an organisational framework. The key benefit to the business should be to enable people to do their jobs more effectively. If deployed correctly, IAM can help achieve this in a multitude of different ways for different departments and roles within them;…

The ready availability of cloud services has made it easy for employees and associates to obtain and use these services without consideration of the potential impact on the organization. Therefore, in order to ensure good governance over the use of cloud services, it is imperative that organizations create and communicate a policy for their acquisition and use. This should be supported by…

Most large organizations and a significant number of medium-sized organizations have heavily invested in IAM (Identity and Access Management) and IAG (Identity and Access Governance) during the past few years. Some projects went well; others did not deliver as expected. But even organizations that run successful IAM/IAG projects are challenged by new evolutions, such as the increasing…

SAM Enterprise Identity Manager from Beta Systems Software AG (Beta Systems) belongs to the category of enterprise provisioning systems with integrated access governance functions. Its core function is to reconcile identity information among different access control systems based on defined processes and connectors in a structured, automated and traceable manner. It also supports common…

In 1999 Microsoft entered the Identity and Access Management space with the introduction of Active Directory in Windows NT and the purchase of Zoomit Via which was renamed to Microsoft Metadirectory Server (MMS). MMS was eventually retired and Microsoft re-wrote the system from ground up and named it Microsoft Identity Integration Server 2003 (MIIS) with one of the major changes being the…

The ongoing trend of IT consumerization driven by growing adoption of mobile, social and cloud computing has made a profound impact on our society. It has brought many new challenges for both consumers and businesses, which are now struggling to adapt to the new demands for storing, sharing, and processing sensitive digital information and to comply with increasingly harsh privacy-related…

ServiceMesh is a company out of Santa Monica, CA that fields a platform in the category of Enterprise Cloud Management, and places a heavy emphasis on policy-based cloud governance. This is a relatively new category and in particular the focus on “Enterprise Cloud Governance” needs some explaining. KuppingerCole agrees with the interpretation ServiceMesh uses for Governance in…

Atos is one of the largest IT Service Providers worldwide, with more than 70.000 employees and global reach. Following the acquisition of Siemens IT Solutions and Services (SIS), the company changed its name from Atos Origin to just Atos. The company is listed on the Paris Stock Exchange.
This vendor report focuses on a specific part of the Atos portfolio, the DirX products. These are…

Information stewardship uses good governance techniques to implement information centric security for all of your data. Information Stewardship involves the business as well as the IT services group. It creates a culture where the people in the organization understand the sensitivity of information and the ways in which this information can be put at risk.
A key concept within…

Privilege Management - which, in the KuppingerCole nomenclature, also is called PxM for Privileged Access/Account/Identity/User Management- is the term used for technologies which help to audit and limit elevated rights and what can be done with shared accounts. During the last few years, PxM has become increasingly popular. Some vendors have enhanced their offerings significantly, while…

Bring Your Own Device (or “BYOD” for short) may seem like the latest hype, but in fact it isn’t really all that new. Employees have been bringing their smartphones or iPads to work for quite some time now, mostly with their employers’ explicit (or at least implicit) consent. And ever since, IT departments have been worrying about losing control and how to halt the…

Access Governance is as of now the fastest growing market segment in the broader IAM (Identity and Access Management) market. Some vendors also use the term IAG (Identity and Access Governance). Another recent term is Access Intelligence (or Identity and Access Intelligence). While a few vendors try to establish this as a new market segment, we understand enhanced analytical capabilities…

The emerging API Economy is presenting significant challenges to all industry participants. When coupled with the Computing Troika—Cloud, Mobile, and Social computing—the API Economy is bringing about change in strategy requirements that have not ever been presented to organizations before. For example, the sheer number and nature if personas and identities and the need to…

Cloud computing is one of three dimensions in which organizations are moving towards an economy based upon the interconnection IT services. This idea is described in KuppingerCole Advisory Note 70532 “The Open API Economy”. This success of this economy and hence of cloud computing depends on the availability clearly defined interfaces; standards have a key role to play in…

Loss and theft of Personally Identifiable Information (PII) from government, military and defense organizations continues to be a significant problem. Given the amount of attention to this area and the wealth of standards and technology available – why do these leaks still occur? This document considers the sources of leakage and describes how better information stewardship based on…

Oracle Audit Vault and Database Firewall is a new offering combining and enhancing two existing products: Oracle Audit Vault and Oracle Database Firewall. The product monitors Oracle databases and databases from other vendors. On the one hand it can detect and block threats while on the other hand it consolidates audit data not only from the database firewall component but also from the…

Thycotic Software is one of the vendors in the emerging Privilege Management market. Their core product is called Secret Server and supports managing secrets, especially, but not limited to, administrative and service account passwords.
In contrast to other vendors in that segment, Thycotic as of now focuses not on delivering a complete Privilege Management infrastructure covering all…

2012

As part of its recently announced 11g R2 release of Oracle Identity and Access Management, Oracle also released a new component called Oracle Access Management Mobile and Social. This solution significantly enhances the scope of the current OAM (Oracle Access Manager) platform, adding support for mobile devices and for logins based on social networks (social logins)...

With IT organizations constantly facing the dichotomy of doing more with less, the need for products that are well integrated, efficient and cost effective is ever on the increase.
KuppingerCole offers a model designed to help IT organizations manage this dichotomy by changing the perspective on IT in general. We consider that an IT organization’s job should not only be viewed…

MetricStream is a vendor in the GRC (Governance, Risk Management, Compliance) market. Within that market, MetricStream is positioned as an Enterprise GRC vendor with good support for IT GRC, providing solutions that cover business aspects as well as provide the technical integration to IT systems. This is in contrast to pure-play Business GRC solutions which only focus on manual controls…

Loss and theft of Information from organizations continues to be a significant problem. The new data protection regulations in the EU will increase focus on this area. Given the amount of attention to this problem and the wealth of standards and technology available – why do these leaks still occur? This document considers the sources of leakage and describes how better information…

The days when IT lived in an isolated silo within the enterprise and everything was managed from a technical perspective with only traditional computing devices are past. Today’s reality is about more users and new ways to interact with them (Social Computing), more devices (Mobile Computing), and other deployment models (Cloud Computing).
But is IT out of control? Not if it is…

salesforce.com is one of the original enterprise cloud application vendors. Coupled with its flagship CRM solution, Salesforce is branching out its expertise into other areas of the cloud computing area. With the introduction of Salesforce Identity, the company is bringing its considerable infrastructure and knowledge to customers for managing application-independent identities for…

The emerging API Economy is presenting significant challenges to all industry participants. When coupled with the Computing Troika—Cloud, Mobile, and Social computing—the API Economy is bringing about change in strategy requirements that have not ever been presented to organizations before. For example, the sheer number and nature personas and identities and the need to give…

This document adds to the KuppingerCole Advisory Notes #70,607 “Migration Options for your Legacy Provisioning” and #70,610 “Migration Options and Guidelines for Oracle Waveset Identity Manager”. It focuses on the Sun Identity Manager (SIM) product, now also known as Oracle Waveset Identity Management and historically as Waveset Lighthouse. This product has an…

On October 4th Microsoft announced the acquisition of Phonefactor, a provider of phone-based multifactor authentication. Microsoft informed us about this acquisition only in a blog post on their Windows Azure blog at the MSDN (Microsoft Developer Network) website . There is no official press release out, but Phonefactor itself provides some information at their website . Obviously…

Identity Provisioning is still one of the core segments of the overall IAM market. Thus it comes to no surprise that this segment is more crowded by vendors than virtually all the other IAM market segments. This Leadership Compass provides an overview and analysis of the Identity Provisioning market segments.
It shows that there are several established vendors with mature solutions,…

Novell was acquired by The Attachmate Group in April 2011. The portfolio of Novell has been distributed across three business units of the Attachmate Group. The SUSE portfolio of Linux solutions was made into a business unit that is now simply called SUSE. The Novell business unit will continue to market and sell the collaboration, endpoint management and File and Networking Services...

Novell was acquired by The Attachmate Group in April 2011. The portfolio of Novell has been distributed across three business units of the Attachmate Group. The SUSE portfolio of Linux solutions was made into a business unit that is now simply called SUSE. The Novell business unit will continue to market and sell the collaboration, endpoint management and File and Networking…

Can an organization trust an IT service provided through the Cloud? A survey by KuppingerCole showed that “Cloud security issues (84.4%) and Cloud privacy and compliance issues (84.9%) are the major inhibitors preventing organizations from moving to a private Cloud.” The answer to this question can be found in the old Russian maxim, which was often quoted by President Ronald…

The nascent API Economy is rapidly maturing and is shaping up to be both promising and challenging.
Meeting the challenges of The API Economy will be as important for customers as embracing the personal computer was in the 1980s or embracing the mobile and tablet trends are today.
Customers are faced with the challenge of understanding the distinction of being both an API consumer…

Over the past few years, companies have started investing in Access Governance to better manage access certification, access analytics, and access requests. However that is not sufficient. It is, though, a big step forward for organizations which have not only installed a piece of software but also implemented the required organization, guidelines, and processes...

On August 10th, 2012, the University of Bochum (German Ruhr-Universität Bochum) published a research paper titled On breaking SAML: Be whoever you want to be . In that paper the authors provide an analysis of potential security weaknesses in SAML. They analyzed 11 out of 14 major SAML frameworks. Eleven of these frameworks showed XML Signature wrapping (XSW) vulnerabilities. The…

Recently Eran Hammer, one of the – until then – co-authors and editors of the OAuth 2.0 standard which is currently finalized by an IETF (Internet Engineering Task Force) working group, declared that he will withdraw his name from the specification of OAuth 2.0. He posted about this in his blog . In that blog he raised several concerns about OAuth 2.0, ending up in a…

A number of significant trends are causing the authentication (AuthN) and authorization (AuthZ) architectures and technologies to significantly change.
Cloud, mobile and Social computing combined (The Computing Troika) are causing an identity explosion that is requiring organizations to embrace and evangelize authenticated access to any resource by anyone from any device.
At the…

This research note is one of series of documents describing KuppingerCole’s basic positions and providing insights into IT Service and Information Security Management. It describes the principal information security risks associated with Cloud computing and how these risks can be managed by effective IT service management using the KuppingerCole model.
The Cloud provides an…

CrossIdeas is a European vendor based in Italy specializing in Access Governance, Dynamic Authorization Management, and IAM (Identity and Access Management). Formerly known as Engiweb Security, the company was renamed following a management buy-out and operates today as an independent software vendor in their core market segments.
Concerns which have been voiced along the transition…

The ongoing trend of IT consumerization and deperimeterization has a profound effect on modern society. Mobile devices are becoming increasingly sophisticated and their numbers are growing exponentially. Social networking has made sharing information all too easy and controlling its spread nearly impossible. Growing adoption of cloud-based services, while having obvious advantages, means…

The concept of Key Performance Indicators is well established at the corporate level, using scorecards as a tool for providing a quick overview on the progress of organizations towards their goals. Key Risk Indicators add risk metrics to that view, relating the progress of indicators to changes in risks.
The report provides selected Key Risk Indicators (KRI) for the area of IAM and…

This document extends the Advisory Note #70,607 “Migration Options for your Legacy Provisioning” and focuses on Oracle's Waveset Identity Provisioning system which is also historically known as Sun Identity Management/Manager or, in short, SIM, which before the acquisition of Waveset by Sun was named Waveset Lighthouse. The product will usually be called Waveset IDM (Identity…

When looking at the topic of this research note, there are two major aspects to look at. One is about “critical infrastructures”; the other is about “the age of cyber attacks”. We’re looking at critical infrastructures in finance industry. However, this is at least to some degree also about finance industry as a critical infrastructure. The finance industry…

As in the past years, KuppingerCole has worked out the Top Trends in IT in general, Cloud Computing, GRC (Governance, Risk Management and Compliance), IAM (Identity and Access Management) and Mobile Computing. The most important trends are, from our perspective, an increasing level of compromise of digital certificates, the proliferation of “Bring your own Device” (BYOD), and…

Which initiatives should be top on the agenda of CIOs in 2012/2013? This Advisory note suggests answers to this question, based on the ongoing research of KuppingerCole. The report proposes three initiatives within six areas, which promise specific benefits for the future development of IT. They represent responses to current and future trends. The goal is an IT, which is fit for the…

Best Project 2012 in the Category „Best Cloud Security Project”: Implementing Federation quickly to support business requirements. Federation becoming a business enabling technology.
Building the foundation for future business cases. Enabling secure access to Cloud applications.

Best Project 2012 in Category „Best Identity and Access Management Project”: Enabling the hybrid Cloud in an audit-proof way.
Based on a flexible, scalable, standards-based architecture. Supporting complex, dynamic approval workflows in a very large scale environment.

Migrating an existing provisioning system always becomes a red-hot topic once a vendor becomes acquired by another vendor. In these situations - like the acquisition of Sun Microsystems by Oracle, of Novell by NetIQ, of Völcker by Quest Software and all the other acquisitions we’ve seen in the past - customers are anxious regarding the future roadmap and the impact on their own…

IAM (Identity and Access Management) and GRC (Governance, Risk Management, and Compliance) are two of the most important IT market segments these days. They are driven by various factors. One is increasing regulatory pressure. Companies need to manage their risks, including access risks to their corporate information. That has put IAM and GRC on top of the IT agenda.
However, IAM and…

Life Management Platforms will change the way individuals deal with sensitive information like their health data, insurance data, and many other types of information – information that today frequently is paper-based or, when it comes to personal opinions, only in the mind of the individuals. They will enable new approaches for privacy- and security-aware sharing of that…

Privilege Management - which, in the KuppingerCole nomenclature, is called PxM - is the term used for technologies which help to audit and limit elevated rights and what can be done with shared accounts. During the last few years, PxM has become increasingly popular. Some vendors have enhanced their offerings significantly, while acquisitions have also led to vendors with broader…

This research note is one of series of documents describing KuppingerCole’s basic positions and providing insights into IT Service and Information Security Management. It describes the varieties of Cloud services and delivery models, the principal risks associated with Cloud computing and how the Cloud fits within the IT service delivery options for an organization. It relates the…

Code security analysis has become one of the most important business segments servicing the secure development of software. Products are pretty mature for every mainstream programming language, and large IT companies have acquired the major technology innovators in that segment.
There is, though, an area of software development that receives little attention, although being quite…

Access Governance is about the governance and management of access controls in IT systems and thus about mitigating access-related risks. These risks include the stealing of information, fraud through changing information, and the subverting of IT systems, for example in banking to facilitate illegal actions, to name just a few. The large number of prominent incidents within the last few…

Oracle Database Firewall is part of Oracle’s defense in depth approach to security, providing a first line of defense for databases by analyzing database traffic before it reaches the database. Oracle Database Firewall expands Oracle’s solutions for heterogeneous databases, supporting Oracle Database, SQL Server, IBM DB2 LUW, and Sybase ASE. MySQL support was introduced in the…

The Blackbird Management Suite is well architected and is designed to include high levels of integration with the existing support modules for Active Directory and the Windows Server File System. The administrative interface for Active Directory makes use of the Windows Snap-in architecture for 3rd party products with the Microsoft Management Console (MMC). The File System management is…

ClusterSeven Enterprise Spreadsheet Manager (ESM) is a so-called “End User Computing Governance and Data Intelligence” solution. End User Computing is characterized by business computing activities performed by End Users, typically executed in spread sheet applications such a MS Excel, but also desktop applications such as MS Access or other VBA based applications and files…

How the Open API Economy is increasing and changing the need for Identity Management.
Baking an organization’s core competence into an Open API is an economic imperative.
It’s clear that three main trends are driving technology in all areas. It goes without saying that as digital identity is the gateway to all network-based products and services that identity is…

This document is an evaluation of Oracle’s platform for Cloud computing from an information security perspective. Oracle offers a comprehensive set of tools and technologies upon which to build Cloud services. These services which can be built range from IaaS (Infrastructure as a Service) using Oracle VM Server software and Sun hardware through to SaaS (Software as a Service) built…

In 2010, Quest Software acquired the German software vendor Völcker Informatik AG, based in Berlin. Völcker had established itself in recent years as a provider of technically innovative solutions and a vendor to be reckoned with in the field of Identity and Access Management (IAM). In the process, the company has become highly visible in the German-speaking market and has…

This product report covers the following Axiomatics Policy Management Suite consisting of of the following products:
Axiomatics Policy Server Axiomatics Policy Auditor Axiomatics Reverse Query
The Axiomatics Policy Management suite falls into the category of Dynamic Authorization Management Systems, which are sometimes also called Entitlement Management or Policy Management…

GTB is a US-based vendor which delivers a suite of products focusing on the DLD and DLP issues, e.g. Data Loss Detection and Data Loss Prevention. The core product GTB Inspector acts as a content-aware reverse firewall which scans all outbound traffic and applies classification on these traffic in real-time. The second product is the GTP Endpoint DLP which is content-aware device control.…

Ilex is a French company founded back in 1989. The company, which started with security consulting services, has been offering IAM products for many years, focusing mainly on France and other French speaking countries, but now expanding to other regions. Ilex offers, besides a solution for Single Sign-On, Web Access Management, and Federation, the tools Meibo and Meibo People Pack which…

Fischer International differentiates itself from other vendors in the IAM market space especially through its strong focus on providing “Cloud Services” through a SaaS solution for the core functions of Identity Management. Unlike most others, Fischer International built its product completely around that particular approach. This brings specific technical advantages as far as…

Courion provides identity management solutions since 1996, is well established in North America,. Although the company has traditionally not had a strong presence in Europe, several large accounts in Germany, Switzerland and the UK are using Courion’s products. This is about to change: the company has prioritized Europe for the next years and plans to aggressively expanding there…

Nervepoint Access Manager - Self-Service v0.5 is a free tool that provides self-service and password reset functionality as well as account unlock for Active Directory. The product is still deemed “beta” by Nervepoint Technologies, but the recently published v0.5 offers some additional benefit and valuable tools that can reduce help-desk calls in small to medium enterprises.…

TITUS (www.titus.com) is a privately held company specializing in information classification and data security, including Data Loss Prevention (DLP). The product portfolio consists of several products sup-porting the information classification and some aspects of DLP requirements in different types of environments, from email to SharePoint and Cloud security. TITUS has been covered in…

SailPoint is one of the pioneers in the emerging market for Access Governance. The company was founded in 2005 by a group of executives with long experience in IAM (Identity and Access Management) as well as in the general IT market. SailPoint is a company that started focusing exclusively on a platform that provides what they describe as “Identity Governance”. Designated…

With DirX Identity, Siemens has been able to establish itself amongst the technically leading vendors in the area of enterprise provisioning. As part of the Atos Origin acquisition of Siemens IT Solutions and Services (SIS) on 1st July 2011, the entire DirX product portfolio has been passed to Atos Origin. Atos Origin was renamed “Atos” to coincide with the takeover of SIS.…

Securant Technology was a visionary vendor which created the web access management niche in the mid 1990’s. When that company was acquired by RSA, its management team immediately began thinking about what would come next. From that brain-storming emerged Symplified. Symplified was envisioned and built to be the identity service for the cloud-based computing platform that was…

Corporate IT environments are growing more complex every day. Not only do users within and outside the organization need to access sensitive information, they need to do so on the road and from a wide range of different devices. Identity & Access Management (IAM) is increasingly being recognized as the key to both security and business success for enterprises around the world.…

In this second document from our series outlining KuppingerCole’s basic positions on key issues sur-rounding Digital Identity, Security and Infrastructure Management, we will explore the cornerstones of Identity & Access Management, which is mostly known by its abbreviation “IAM”, along with current trends and ramifications for corporate IT systems. IAM is primarily…

Cloud computing provides an opportunity for organizations to optimize the procurement of IT services from both internal and external suppliers. The Cloud is not a single model but covers a wide spectrum ranging from applications shared between multiple tenants to virtual servers used by a single customer. The risks associated with Cloud computing depend upon both the service model and the…

The need to identify users, control what they can access and audit their activities is fundamental to information security. Over the past decade there has been a tsunami of identity and access management technology designed to provide a solution to these needs. However many organizations have not realised the benefits expected from the application of this technology, because they have…

CrossIdeas is a European vendor based in Italy specializing in Access Governance, Dynamic Authorization Management, and IAM. Formerly known as Engiweb Security, the company was renamed following a management buy-out and operates today as an independent software vendor in their core market segments.
Like its predecessor, CrossIdeas is a one-product company, focusing entirely on their…

This document is an evaluation of Microsoft’s Windows Azure™ Cloud platform from a security perspective. This platform allows organizations to build Cloud applications which are then hosted in the worldwide network of Microsoft datacenters. It also allows organizations to host existing applications that run under Windows Server 2008 and certain types of data in these Microsoft…

Pawaa is specialist on Enterprise Information Protection based in Bangalore, India, offering a number of products and modules for use cases such as integration with Google Docs, SAP Business Objects or as an online storage platform.

Lieberman Software is an established vendor in the PxM (Privileged Access, Account, Identity, User Management) market, one of the fastest growing segments in the broader IAM and GRC market. The core product ERPM (Enterprise Random Password Manager) supports the management of all types of passwords in a heterogeneous environment by managing and securing the passwords. In addition to its…

This research note is the first of series of documents describing KuppingerCole’s basic positions and providing insights into IT Service and Information Security Management. It describes the fundamental building blocks of, including what IT should be able to deliver to the business as well as the technical production of IT services. Together, these form the basis for effective…

Bring Your Own Device (or “BYOD” for short) may seem like the latest hype, but in fact it isn’t really all that new. Employees have been bringing their smartphones or iPads to work for quite some time now, mostly with their employers’ explicit (or at least implicit) consent. And ever since, IT departments have been worrying about losing control and how to halt the…

Authorization covers the processes and technologies concerned with managing, enforcing and auditing the rights of access that individuals have to resources. The essential characteristic of Cloud Computing is that data and resources are held remotely from the users of that data and that access to that data is mainly over the internet. The need to identify users, to control what they…

As reported extensively in the media, hackers in march of this year successfully attacked the data center of EMC Corp’s RSA security division, obtaining copies of security information for RSA’s SecurID key fob system, a token-based mechanism for creating OTPs (One time passwords) in a two-factor authentication approach used extensively by companies and government agencies…

This research note provides a comprehensive overview about authentication technologies available today. Strong authentication is a challenge for most organizations. However, selecting the appropriate strong authentication mechanism(s) is a difficult decision. This research note provides criteria for selecting the mechanism or combination of mechanisms which fits best to the different use…

IAM and GRC are two of today’s most important IT market segments. Increasing regulatory pressures, as well as the ability to execute, drive the evolution of these market segments. KuppingerCole has recently scrutinized these segments, looking at the expected changes related to market growth, maturity, and cloud readiness. We expect to see significant changes within these market…

Vasco is a vendor in the Authentication Management market which provides a number of differentiated solutions around strong authentication, electronic & digital signing. The vendor is well known for its broad range of hardware tokens for authentication & signatures and the complimentary software solutions acting as management server and validation point. To serve the different…

BiTKOO is a privately held company that provides solutions for authorization/entitlement management in enterprise IT environments. The company was founded in 2006, starting with its product Keystone based on technology formerly developed for Walt Disney Company. BiTKOO has since broadened its product portfolio substantially and now offers several products around authorization management…

planningIT is a platform for Business IT Management developed and offered by the German software manufacturer alfabet. planningIT has a number of modules and capabilities, but in the context of this snapshot we will confine ourselves to examining the IT Risk Management module which allows customers to perform IT Risk Management in a business-driven manner.

IAM and GRC are two of today's most important IT market segments. Increasing regulatory pressures, as well as the ability to execute, drive the evolution of these market segments. KuppingerCole has recently scrutinized these segments, looking at the expected changes related to market growth, maturity, and cloud readiness. We expect to see significant changes within these market segments,…

Siemens is one of the largest companies in the world. Siemens IT Solutions and Services (SIS), responsible for IT-products and services, is one of the different segments [referred to by Siemens as “sectors”] within the group. The established IAM and GRC products from Siemens are also allocated to this segment. In December of 2010, Siemens and Atos Origin announced that they…

Application integration is a key requirement to support the business requirements for flexible business processes, spanning a variety of applications. With the cloud and an increasing number of SaaS services, e.g. applications hosted in the cloud, integration moves to a new level of complexity. The integration of cloud and on-premise application services requires new types of integration…

The Cloud is an environment which allows the delivery of IT services in a standardized way. This standardization makes it possible to optimize the procurement of IT services from both external and internal providers. The Cloud covers a wide spectrum from shared applications delivered over the internet to virtual servers hosted internally. The risks associated…

Entrust Identity Guard is a representative of the rather new market segment of Versatile Authentication Servers (VAS) and offers a single administration interface for managing up to twelve different authentication factors or authentication methods, respectively. The number of authentication factors and the internally created, low cost grid cards are the outstanding features of this…

SecurIT TrustBuilder is a Versatile Authentication Server (VAS) provided by the Belgian company SecurIT. The product started as add-on for IBM Tivoli Access Manager but right now works with a broad set of different tools. Beyond the versatility features, TrustBuilder now provides the capability for transaction signing and security as a service to access management systems and applications.

The market for Database Security involves a number of different technical solution approaches which are not covered by a single product, but instead require a set of different products and features in order to secure content in databases. As a result, there are many different solutions on offer in the market today. In this report we will focus on Oracle Database Vault and Oracle Audit…

Oracle Sun to Oracle Identity Upgrade program is an initiative aimed at informing Sun customers about the company’s future strategy for former Sun Identity and Access Management (IAM) products, and about their planned migration paths. This program is a follow-up to when Oracle which unveiled the general product roadmap for Sun customers in the realm of IAM when the acquisition of…

Thales SafeSign is a set of stand-alone modules that comprises the full feature-set of so called Versatile Authentication Servers or Platforms (VAS or VAP). It can be deployed as authentication server for token and mobile based One Time Password (OTP), Challenge and Response, EMV/CAP and PKI based authentication or as a Token/Card Management Solution (CMS), but its full capability is used…

Avatier is a vendor in the Identity and Access Management (IAM) market which provides an integrated set of tools to cover core requirements in that market. The AIMS (Avatier Identity Management Suite) supports features like role mining, password management and reset, user provisioning, recertification of access and access requests. With this offering, AIMS fits into the Enterprise…

The Cloud allows the procurement of IT services from both internal and external suppliers to be opti-mized because the services are delivered through the Internet in a standard way. The Cloud is not a single model but covers a wide spectrum from applications shared between multiple tenants to virtual servers used by one customer and hosted internally. The information…

Database Governance is the set of policies, procedures, practices and organizational structures ensuring the execution of database related activities in an organization according to defined strategies and controls. Database Governance is required to enforce Information Security for structured data held in databases.
Within Enterprise GRC, Database Governance is an element of IT GRC.…

The Cloud is an environment which allows the delivery of IT services in a standardized way. This standardization makes it possible to optimize the procurement of IT services from both external and internal providers. The information security risks associated with Cloud computing depend upon both the service model and the delivery model adopted. The…

As in the past years, KuppingerCole has worked out the Top Trends in IT in general, Cloud Computing, GRC (Governance, Risk Management and Compliance), IAM (Identity and Access Management) and Mobile Computing. The most important trends are, from our perspective, an increasing level of Business-IT-Alignment and the evolution towards hybrid IT environments based on a well-managed mix of…

Oracle Database Firewall is one of several Oracle offerings in the database security market. It complements other products such as Oracle Database Vault that offer protection within the database by providing protection by analyzing database traffic outside the database. Like few other products in that area, Oracle Database Firewall analyzes database activity traffic over the network and…

CA Service Catalog 12.6 is a comprehensive offering in the Service Management market, going well beyond traditional ITSM and specifically ITIL focused approaches, but also supporting these use cases. The real strength of the product lies in the fact that it acts as centralized instance within a holistic approach to service management with a strong focus on business performance.

IBM Tivoli Live - service manager is a SaaS offering for core IT Service Management functionalities, including Service Desk, Service Catalog, CCMDB (Change and Configuration Management Database), and Asset Management. It is provided as a joint initiative of the IBM Tivoli product group and IBM GTS workplace services. IBM plans to add additional features in the future. IBM Tivoli Live -…

HyTrust is a venture financed company founded in 2007. It is located in Mountain View, CA. The management is experienced, with a history at different leading vendors in the IT industry. The company has successfully built partnerships with several large players, including VMware, Cisco, and RSA Security. It has achieved several innovation awards and has won a significant number of…

SecureAuth is a single-product vendor. The product SecureAuth IEP is a platform for a strong two-factor authentication based on X.509v3 certificates for web-based applications, federated environ-ments based on SAML, and VPNs. It is deployed as appliance (hard or soft) and provided as well in cloud deployments based on Amazon EC2 and by Managed Service Providers (MSPs). Beyond the support…

2010

From the KuppingerCole perspective it is mandatory to quickly address the PxM challenges which exist in any IT environment. This requires solutions which cover all (or at least most) of the different aspects of PxM in an integrated solution, for a heterogeneous environment. Cyber-Ark PIM is defined as a suite by the vendor. However, it is more sort of an integrated product with several…

Zscaler is an integrated SaaS solution for web and e-mail security offered by the US-based company of the same name. It provides a cloud platform for anti-malware and anti-spam protection, application control, and data loss prevention.
What makes Zscaler stand out their competitors in SaaS security market is that their solution is entirely cloud-based and does not require any extra…

Novell has a long history in the fields of identity and security. The company was one of the pioneers in network operating systems and the corresponding directory and security services. Over the year, it has continued to develop and expand its portfolio. Today, identity and security remain at the heart of Novell’s business model, along with products for data centers based on Novell…

During September and October 2010 KuppingerCole conducted an independent survey of the status and plans for Virtualization Security amongst organizations. This survey shows that security is a key success factor to virtualization. Organizations transitioning to a virtualized or cloud IT model need to invest in a security strategy, in organization and skills, and in technology. Vendors need…

Virtualization Security is not a single product category but comprises several different types of solutions from different categories, including IAM (Identity and Access Management), information protection, service automation, service assurance, service management, as well as system security solutions for hardening and monitoring resources. In order to be effective, Virtualization…

Novell Identity Manager 4 is a family of products in the category of enterprise provisioning, allowing synchronizing and managing identities and entitlements, including strong policy and reporting features. Beyond the basic capabilities, Novell has added advanced role management and policy management features as well as new reporting capabilities and support for cloud applications. That…

SECUDE is a vendor specializing in security solutions mainly for SAP customers. In addition to their latest product, SECUDE Security Intelligence, the company’s portfolio includes a number of solutions providing authentication and communication within SAP environments. SECUDE Security Intelligence works by providing a layer between the various protocols and SAP-related systems…

CA Access Control Privileged User and Password Management is a solution which addresses a threat which virtually any organization today is facing: The risk of misuse of privileged accounts. Thus it is part of the PxM PxMmarket segment (with PxM being Privileged User/Account/Access/Identity Management, depending on the product specifics and the vendors marketing) within the IAM (Identity…

Quest Defender is an authentication platform solution that, unlike others in the market, offers true two-factor authentication supporting a wide range of tokens, thus providing strong authentication for a wide range of devices along with simplified token distribution. A special feature, though hardly surprising coming from Quest, is the deep integration it provides with Active Directory,…

Oracle Database Security is in fact not a single product but a set of products. It supports different features around securing content in databases. This report focuses mainly on Oracle Advanced Security and Oracle Database Vault but covers the other products as well. This is based on the fact that these two products are, from the KuppingerCole understanding, at the core of Oracle…

The IBM Tivoli Identity Manager (TIM) belongs to the category of enterprise provisioning systems. Its core function is to reconcile identity information among different systems based on defined processes and connectors to the target systems in a structured, automated, and traceable manner. IBM Tivoli Identity Manager su